On Mon, Oct 27, 2003 at 04:53:54PM -0500, Robert Campbell wrote:
> On 2003-10-24 12:51 you wrote:
> > Well, NFSv3 gives IP based security. It depends upon the client to
> > authenticate users. If user A should get root access on a system
> > (IP) which can access NFS mountable home directories, he can very easily
> > access user B's private information without knowing user B's password.
>
> What if the host containing the NFS mountable home directories exports
> those directories with the 'root_squash' directive (the default, on
> Debian systems at least)? In this case the root user is mapped to the
> 'nobody' user on the exporting host. Therefore user 'root' on machine A
> should only be able to access what user 'nobody' on machine B could access.

root on the client can su to any userid, and therefore read/write any
non-root user's files.
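
An added example, not part of the original messages: a small audit of `/etc/exports` entries that reports whose word the server takes for the caller's uid, which is the distinction this exchange turns on. The sample exports, the finding labels and the function names are constructed for illustration; it assumes one entry per line with no quoted paths or continuation lines.

```python
import re

# Constructed sample /etc/exports content; hosts and paths are made up.
SAMPLE_EXPORTS = """\
# home directories
/home        192.0.2.0/24(rw,sync,root_squash)
/srv/build   192.0.2.10(rw,sync,no_root_squash)
/srv/secure  *.example.org(rw,sync,sec=krb5p)
/srv/pub     *(ro,all_squash)
"""

KRB_FLAVORS = {"krb5", "krb5i", "krb5p"}

def classify(opts):
    """Say whose word the server takes for the caller's identity."""
    flavors = {"sys"}                      # AUTH_SYS when no sec= is given
    for opt in opts:
        if opt.startswith("sec="):
            flavors = set(opt[4:].split(":"))
    if flavors <= KRB_FLAVORS:
        return "KERBEROS"                  # each user authenticates to the server
    if "all_squash" in opts:
        return "ALL_SQUASHED"              # every uid mapped to the anonymous user
    if "no_root_squash" in opts:
        return "ROOT_TRUSTED"              # client root is root on the export
    return "UID_TRUSTED"                   # root squashed, other client uids believed

def audit_exports(text):
    """Return (path, client, finding) for every client spec in an exports file."""
    findings = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs:
            m = re.fullmatch(r"([^()]*)(?:\(([^)]*)\))?", spec)
            if not m:
                findings.append((path, spec, "UNPARSED"))
                continue
            opts = {o for o in (m.group(2) or "").split(",") if o}
            findings.append((path, m.group(1) or "*", classify(opts)))
    return findings

if __name__ == "__main__":
    for path, client, finding in audit_exports(SAMPLE_EXPORTS):
        print(f"{path:12} {client:16} {finding}")
```

An export reported as `UID_TRUSTED` is the root_squash case discussed above: root is mapped away, but every other uid is still whatever the client machine says it is.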